The cryptocurrency industry has been rocked by a devastating security breach, as Dubai-based exchange Bybit fell victim to a massive $1.4 billion hack—the largest in crypto history. The attack, which took place on February 21, 2025, has not only shaken investor confidence but also reignited concerns over the security of centralized exchanges. As Bybit scrambles to contain the damage, the event underscores the ever-growing sophistication of cybercriminals targeting the digital asset space.
A Cold Wallet Breach That Shouldn’t Have Happened
Bybit’s security breach was particularly alarming because it involved an Ethereum cold wallet—typically considered one of the safest ways to store cryptocurrency due to its offline nature. However, hackers managed to drain approximately $1.46 billion worth of assets, including Ethereum (ETH), liquid-staked Ether (stETH), and Mantle Staked ETH (mETH).
Blockchain analytics firms, including Elliptic and Arkham Intelligence, quickly traced the stolen funds, revealing a complex attack that exploited a vulnerability in Bybit’s multisignature (multisig) wallet system. The hackers reportedly used a spoofed user interface to trick Bybit’s security team into approving malicious transactions, ultimately gaining access to the wallet’s funds.
Bybit CEO Ben Zhou confirmed the breach in a swift public statement, triggering panic among users and leading to a sharp downturn in the crypto market. The price of Ethereum dropped over 3% in the aftermath, while Bitcoin and other major cryptocurrencies also experienced declines as traders reacted to the breach.
The $5.5 Billion “Bank Run” and Market Chaos
The immediate fallout saw Bybit facing a mass exodus of funds. Fearful of further security lapses, users withdrew over $5.5 billion within hours, leading to what analysts described as a “bank run” on the exchange. Despite assurances from Zhou that Bybit remained solvent and had secured a bridge loan to cover potential losses, the sheer scale of withdrawals strained the platform.
The incident also had wider market implications. Panic selling triggered over $566 million in liquidations, wiping $75 billion from the broader crypto market. Bitcoin dipped below $95,000, while altcoins saw sharp corrections, further highlighting the fragile state of investor confidence.
Lazarus Group: The Usual Suspects?
As security teams investigated the attack, suspicion quickly fell on North Korea’s Lazarus Group, a state-backed hacking syndicate infamous for targeting crypto exchanges. On-chain sleuths, including ZachXBT and Arkham Intelligence, identified patterns linking the Bybit hack to previous Lazarus exploits, such as the $620 million Ronin Bridge attack in 2022.
Given North Korea’s long-standing reliance on crypto theft to fund its economy and missile programs, the latest attack raises fresh concerns about the geopolitical dimensions of blockchain security.
Lessons for the Industry
The Bybit hack serves as a wake-up call for the crypto industry, highlighting the vulnerabilities of even the most established exchanges. It also raises questions about the security of multisig wallets and the ability of exchanges to withstand sophisticated phishing and UI-spoofing attacks.
Bybit has since launched a bounty program to recover stolen funds and collaborated with Binance and Bitget to shore up liquidity. However, the long-term impact on user trust and the broader crypto landscape remains uncertain.
This event underscores a harsh reality—despite growing institutional adoption, crypto remains a high-stakes battleground where security missteps can have catastrophic consequences.